<?php
namespace app\custom_user\controller;

use cmf\controller\BaseController;
use think\Db;
use app\custom_user\model\UserModel;

/**
 * 基于OAuth的单点登录功能，服务端
 */
class OAuthController extends IndexController
{
    public function authorize()
    {
        session("login_redirect_url",$this->request->url());
        $user=$this->checkLogin();

        $client_id=input("client_id");//AppKey
        $response_type=input("response_type");//固定为code
        $redirect_uri=input("redirect_uri");//YourSiteUrl
        $redirect_uri=htmlspecialchars_decode($redirect_uri);

        $client=Db::table("ue_oauth_client")->where(["id"=>$client_id])->find();
        if(!$client){
            $this->error("未注册的授权登录客户端");
        }
        
        //生成并保存code
        $code=cmf_random_string(40);
        $data=[
            "client_id"=>$client["id"],
            "user_id"=>$user["id"],
            "code"=>$code,
            "ticket"=>"",
            "create_time"=>time(),
            "status"=>0
        ];
        Db::table("ue_oauth_code")->insert($data);

        $this->redirect("$redirect_uri?code=$code");
    }
    public function access_token()
    {
        config("default_return_type","json");
        $client_id=input("client_id");//AppKey
        $client_secret=input("client_secret");//AppSecret
        $code=input("code");//code
        $data=Db::table("ue_oauth_code")->where("code= '$code' AND status = 0 AND create_time > ".(time()-600))->find();
        if(!$data){
            $this->error("验证码已失效");
        }

        //根据不同的验证模式检查加密数据是否正确
        $client=Db::table("ue_oauth_client")->where(["id"=>$data["client_id"]])->find();
        if(!$client){
            $this->error("未注册的授权登录客户端");
        }
        if($client["verify_mode"]==="plain"){
            if($client_secret!==$client["verify_key"]){
                $this->error("验证数据错误");
            }
        }
        elseif($client["verify_mode"]==="md5"){
            $secret=md5($client["verify_key"].$code);
            if($client_secret!==$secret){
                $this->error("未通过校验");
            }
        }
        elseif($client["verify_mode"]==="rsa"){
            //TODO:校验RSA签名
        }
        else{
            $this->error("未定义的验证模式");
        }
        
        //根据不同的验证类型返回数据
        $um=new UserModel();
        $user=$um->db()->field("id,username,nickname,avatar,signature,sex,birthday,url,token")->where(["id"=>$data["user_id"]])->find()->getData();
        if(!$user){
            $this->error("用户不存在");
        }
        if($client["auth_type"]!=="token"){
            unset($user["token"]);
        }
        if($client["auth_type"]==="ticket"){
            $data["ticket"] = cmf_random_string(40);
            $user["ticket"] = $data["ticket"];
        }

        //更新oauth_code表
        Db::table("ue_oauth_code")->where(["code"=>$code])->update([
            "ticket"=>$data["ticket"],
            "status"=>1
        ]);
        $this->result($user,1);
    }
    public function user_detail()
    {
        config("default_return_type","json");
        $ticket=input("ticket");
        $data=Db::table("ue_oauth_code")->where(["ticket"=>$ticket])->find();
        if(!$data){
            $this->error("请先获取授权");
        }
        $um=new UserModel();
        $user=$um->db()->where(["id"=>$data["user_id"]])->find();
        if(!$user){
            $this->error("用户不存在");
        }
        unset($user["password"]);
        unset($user["token"]);
        $this->result($user,1);
    }
}
